Snowden Files: NSA Plans to Infect Millions of Computers With Malware

Classified files leaked by former National Security Agency contractor Edward Snowden reveal the agency's plans to covertly hack into "millions" of computers through "groundbreaking surveillance technology," according to First Look Media.

The NSA developed the technology "to infect potentially millions of computers worldwide with malware implants," reports The Intercept, a publication founded by journalist Glenn Greenwald, who published the first of Snowden's leaks. "The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks."

The agency is at times pretending to be Facebook. "In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive," The Intercept explained.

In other cases, it has sent out spam emails containing the malware, which allows it to record audio from a computer's microphone and take photos with its webcam, according to the report.

The story also details how the NSA was able to trick target computers by transmitting "malicious" data packets that disguise the agency as the real Facebook, luring targets into logging in to a doppelganger version of the site, a technique dubbed "Quantumhand."

The documents provided by Snowden show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes and taking them out of human hands.

"The automated system — codenamed TURBINE — is designed to 'allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually,'" said The Intercept.

"If this report is accurate, the NSA is acting like a spambot," Harley Geiger, senior counsel at the Center for Democracy & Technology, told National Journal.

"The use of malware implants should be targeted against specific threats in tightly controlled situations, but this kind of mass automated surveillance would put countless Internet users at risk," Geiger said.

A Facebook spokesman told the publication that it has no evidence of such activity on the part of the NSA. "In any case, this method of network level disruption does not work for traffic carried over HTTPS, which Facebook finished integrating by default last year," said the spokesman.

"If government agencies indeed have privileged access to network service providers, any site running only HTTP could conceivably have its traffic misdirected."

The NSA, for its part, issued a statement saying, "Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose," the National Journal reports.